Ghost Recon Phantoms Screenshots

[fire100]

Hello every one just wanted to let you guys know, tough its not confirmed yet but it was today i was playing with a good account and logged in and every thing was running smooth but when i got in match after a while i got kicked saying "You have been kicked by the administrator" and the match officially was not even started and then the game logged out and boom my account was banned.

Now why i was kicked and banned..... when i come to it, my account was old not that old but was a good account. So i got in the game and yes i had my hacks on. now why did i get kicked and get banned. Seems like their was a admin, that took my screenshot and kicked me for cheating.

Reason why i am sure of it are two. one is i made a new account and used the same hacks and got no kick. i kept pwning noobs. So the anti cheat is not yet he issue. Second here in ida.

Code:

char *__userpurge sub_5F6480@<eax>(int a1@<ecx>, int a2@<edi>, int a3, int a4)
{
  int v4; // ebx@1
  int v5; // eax@1
  char *result; // eax@2
  int v7; // esi@4
  int v8; // eax@5
  unsigned int v9; // esi@5
  signed int v10; // edi@6
  int v11; // ST24_4@7
  unsigned __int64 v12; // ST1C_8@7
  int v13; // [sp+24h] [bp-10h]@6
  int v14; // [sp+30h] [bp-4h]@1

  v14 = a1;
  v4 = a1;
  v5 = *(_DWORD *)(a1 + 24);
  if ( v5 )
  {
    v14 = 0;
    if ( (*(int (__stdcall **)(int, _DWORD, _DWORD, _DWORD, int *))(*(_DWORD *)v5 + 72))(v5, 0, 0, 0, &v14) < 0
      || (v7 = sub_9924AE("screenshot.bmp", 0, v14, 0, 0), (*(void (__stdcall **)(int))(*(_DWORD *)v14 + 8))(v14),
                                                           v7 < 0) )
    {
      *(_DWORD *)a3 = 0;
      *(_DWORD *)a4 = 0;
      result = &byte_139D1CC;
    }
    else
    {
      v8 = sub_75B5AF((int)"screenshot.bmp", (int)"rb");
      v9 = v8;
      if ( v8 )
      {
        v13 = a2;
        sub_75D2C9(v8, 0, 2);
        v10 = sub_75E961(v9);
        sub_75D2C9(v9, 0, 0);
        if ( v10 > 0 )
        {
          v11 = ((int (__stdcall *)(signed int, signed int, int))loc_2054EE6)(64, v10, v13);
          HIDWORD(v12) = v9;
          LODWORD(v12) = 1;
          *(_DWORD *)(v4 + 16) = v11;
          sub_75B4CE(v11, v10, v12);
          *(_DWORD *)a3 = *(_DWORD *)(v4 + 16);
          *(_DWORD *)a4 = v10;
        }
        sub_75B195(v9);
      }
      result = ".bmp";
    }
  }
  else
  {
    *(_DWORD *)a3 = 0;
    *(_DWORD *)a4 = 0;
    result = 0;
  }
  return result;
}

I am not sure if that the excat function as i didnt came across the same situation again but i am sure that their is something going on like this.

- - - Updated - - -

I am yet not sure, if its for local screenshot, if the game even gives user option to take screenshot. but i was banned today thats why i am mentioning this.

[claire_jhon]

you're not alone...me and my friend got EXACTLY same message of account suspension :c

EDIT: even made account suspended post 3 hours ago

[fire100]

were you using chams when you got kicked? or anything like esp.

[claire_jhon]

were you using chams when you got kicked? or anything like esp.

yep D3D was already injected and i was in lobby

[Picobello]

Hi Fire100,

This is an interesting concept that they would actually use screen captures to detect hack even in the Lobby. This is also a "manual" detection meaning that an admin is required every time to take action.
A friend of mine had that same exact situation: he was in the fire range he said and an he was kicked-out by an admin.
The only point in his situation was that the hack did not have any menu but the admin could still see that he was cheating by looking the effect of the hack in the fire range I guess? Example: no recoil and no dispersion is kind of obvious to see in the fire range.

I am calling all the genius of C++ of this forum: how could we code something in our future DLLs to prevent them to take screenshots?
Can we hook some system API for that?

[fire100]

Its for now probably unknown, because their are very few people (who know reverse engineering), play this game. I doubt very useful information about the game will ever comeout this way. I got bored myself because i was alone reversing the game and i am giving it a rest for now. But yes mostly API hooking is very useful, given that you know what you are doing.

[S1lv3rAng3l_LuLZ]

You wouldn't need to hook an API, just detour the function and pass a different snapshot if it's true what you say, but still it's gonna be suscipious DD

//Haven't been in the game for like 4 months since my multihack is still working, so I have no idea if they implemented sth like that, just spreading the shit out.

[Picobello]

I think PunkBuster has a screenshot capability. They use PunkBuster right?

[x7gamingm]

All Grp hacks are detected don't use until further notice.

[fire100]

well i wont say that, GRP devs are very active, if players play like noob before and all of the sudden do all pro with no reason then they are marked and possibly checked by admin and then they get ban.

Going on rampage also marks you and you get banned. So if you play safe you wont get banned. I use hacks and i dont get ban when i play safe but when ever i go on rampage i get banned which is obvious.

[Picobello]

Chams are not detected because they don't change the game code - This is a pure D3D hook
They run a CRC check on the game code and they know when it was changed because its signature changes
No recoil, infinite ammo and all the rest change the game code and so you get detected eventually.

[S1lv3rAng3l_LuLZ]

Chams are not detected because they don't change the game code - This is a pure D3D hook
They run a CRC check on the game code and they know when it was changed because its signature changes
No recoil, infinite ammo and all the rest change the game code and so you get detected eventually.

When you are noob and you can't disable/emulate the check.

[x7gamingm]

I'm not gonna risk trying the new recent hack again don't feel like making a new account until someone makes a hack where you don't inject it